🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Vladislav Pokrovsky (ΞX.MI)

Vladislav Pokrovsky (ΞX.MI)

Organization: Independent AppSec Researcher

All Time Ranking

260

All Time Discoveries

About

AppSec // Bug Bounty // Legal Hacking

«When you lose fun and start doing things only for the payback, you're dead.» © Phrack #65

Showing 41-60 of 260 Vulnerabilities

Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update

6.5

CVE-2023-32500

Mar 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection

6.5

CVE-2023-25790

Mar 1, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Real Estate 7 <= 3.3.4 - Reflected Cross-Site Scripting via ct_additional_features

6.1

CVE ID Unknown

Feb 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting

7.2

CVE-2022-47146

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection

5.3

CVE-2023-25790

Feb 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Monolit <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-25041

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2022-46839

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JS Help Desk <= 2.7.1 - Missing Authorization

6.3

CVE-2022-46840

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update

9.1

CVE-2022-46838

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

JS Help Desk <= 2.7.1 - Unauthenticated SQL Injection

8.6

CVE-2022-47151

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

JS Help Desk <= 2.7.1 - Cross-Site Request Forgery

5.4

CVE-2022-46842

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-45843

Nov 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Creative Mail <= 1.5.4 - Cross-Site Request Forgery

8.8

CVE-2022-44740

Oct 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SEO Redirection Plugin <= 8.9 - Cross-Site Request Forgery

8.8

CVE-2022-40695

Oct 25, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Image Hover Effects Ultimate <= 9.7.1 - Authenticated (Admin+) Arbitrary Options Update

7.2

CVE-2022-42459

Oct 25, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Quiz And Survey Master <= 7.3.4 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-36905

Oct 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Quiz And Survey Master <= 7.3.6 - Insecure Direct Object Reference

5.4

CVE-2021-36906

Oct 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2021-36898

Oct 21, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter

5.5

CVE-2022-45082

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter

5.5

CVE-2022-45082

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update	CVE-2023-32500	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	March 1, 2023
WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection	CVE-2023-25790	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	March 1, 2023
Real Estate 7 <= 3.3.4 - Reflected Cross-Site Scripting via ct_additional_features		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 28, 2023
Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting	CVE-2022-47146	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 20, 2023
Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection	CVE-2023-25790	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 16, 2023
Monolit <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-25041	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 6, 2023
JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload	CVE-2022-46839	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 27, 2023
JS Help Desk <= 2.7.1 - Missing Authorization	CVE-2022-46840	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	January 27, 2023
JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update	CVE-2022-46838	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	January 27, 2023
JS Help Desk <= 2.7.1 - Unauthenticated SQL Injection	CVE-2022-47151	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	January 27, 2023
JS Help Desk <= 2.7.1 - Cross-Site Request Forgery	CVE-2022-46842	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	January 27, 2023
Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-45843	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 23, 2022
Creative Mail <= 1.5.4 - Cross-Site Request Forgery	CVE-2022-44740	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 28, 2022
SEO Redirection Plugin <= 8.9 - Cross-Site Request Forgery	CVE-2022-40695	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 25, 2022
Image Hover Effects Ultimate <= 9.7.1 - Authenticated (Admin+) Arbitrary Options Update	CVE-2022-42459	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 25, 2022
Quiz And Survey Master <= 7.3.4 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-36905	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 21, 2022
Quiz And Survey Master <= 7.3.6 - Insecure Direct Object Reference	CVE-2021-36906	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	October 21, 2022
Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection	CVE-2021-36898	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 21, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter	CVE-2022-45082	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 29, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter	CVE-2022-45082	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 29, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation